Merge "Prevent installing apps in policy restricted work profile using ADB" into udc-dev

commit: 2297912e3ad4fe9a5dacef65187a5956da172e68 [log] [tgz]
author: Sumedh Sen <sumedhsen@google.com> Fri Apr 14 00:35:58 2023 +0000
committer: Android (Google) Code Review <android-gerrit@google.com> Fri Apr 14 00:35:58 2023 +0000
tree: 7512e6415ef9e13091e50660d0e61686997a6d2a
parent: cb5bc8ee4371acb3263737f6148127b4f096c72f [diff]
parent: 4b755a5a0b428d5d06aac9481d517a91db84fa0d [diff]
diff --git a/services/core/java/com/android/server/pm/InstallPackageHelper.java b/services/core/java/com/android/server/pm/InstallPackageHelper.java
index f0ba872..ad8a9ba 100644
--- a/services/core/java/com/android/server/pm/InstallPackageHelper.java
+++ b/services/core/java/com/android/server/pm/InstallPackageHelper.java

@@ -2265,10 +2265,26 @@
                     // The caller explicitly specified INSTALL_ALL_USERS flag.
                     // Thus, updating the settings to install the app for all users.
                     for (int currentUserId : allUsers) {
-                        ps.setInstalled(true, currentUserId);
-                        if (!installRequest.isApplicationEnabledSettingPersistent()) {
-                            ps.setEnabled(COMPONENT_ENABLED_STATE_DEFAULT, currentUserId,
-                                    installerPackageName);
+                        // If the app is already installed for the currentUser,
+                        // keep it as installed as we might be updating the app at this place.
+                        // If not currently installed, check if the currentUser is restricted by
+                        // DISALLOW_INSTALL_APPS or DISALLOW_DEBUGGING_FEATURES device policy.
+                        // Install / update the app if the user isn't restricted. Skip otherwise.
+                        final boolean installedForCurrentUser = ArrayUtils.contains(
+                                installedForUsers, currentUserId);
+                        final boolean restrictedByPolicy =
+                                mPm.isUserRestricted(currentUserId,
+                                        UserManager.DISALLOW_INSTALL_APPS)
+                                || mPm.isUserRestricted(currentUserId,
+                                        UserManager.DISALLOW_DEBUGGING_FEATURES);
+                        if (installedForCurrentUser || !restrictedByPolicy) {
+                            ps.setInstalled(true, currentUserId);
+                            if (!installRequest.isApplicationEnabledSettingPersistent()) {
+                                ps.setEnabled(COMPONENT_ENABLED_STATE_DEFAULT, currentUserId,
+                                        installerPackageName);
+                            }
+                        } else {
+                            ps.setInstalled(false, currentUserId);
                         }
                     }
                 }
commit	2297912e3ad4fe9a5dacef65187a5956da172e68	[log] [tgz]
author	Sumedh Sen <sumedhsen@google.com>	Fri Apr 14 00:35:58 2023 +0000
committer	Android (Google) Code Review <android-gerrit@google.com>	Fri Apr 14 00:35:58 2023 +0000
tree	7512e6415ef9e13091e50660d0e61686997a6d2a
parent	cb5bc8ee4371acb3263737f6148127b4f096c72f [diff]
parent	4b755a5a0b428d5d06aac9481d517a91db84fa0d [diff]